The Office of Personnel Management hack keeps getting worse. We already know over 21.5 million federal employees had their personal information hijacked from the OPM’s servers. And now the government agency admits that 5.6 million federal employees had their fingerprints stolen.

Wired confirmed that OPM’s tally for compromised fingerprints is a lot higher than previously reported:

On Wednesday, the Office of Personnel Management admitted that the number of federal employees’ fingerprints compromised in the massive breach of its servers revealed over the summer has grown from 1.1 million to 5.6 million.

OPM is notifying the people affected, but this is very bad news. Unlike passwords and banking information, you can’t change your fingerprint—and fingerprints are now frequently used in biometric authentication from Apple’s TouchID to government checkpoints. This means whoever has access to the stolen OPM data now holds a powerful, unchangeable key.